Wednesday, 23 July 2014

A Denial of Service Attack to UMTS Networks Using SIM-Less Devices

ABSTRACT:

One of the fundamental security elements in cellular networks is the
authentication procedure performed by means of the Subscriber Identity Module,
which is required to grant access to network services and hence protects the
network from unauthorized usage. Nonetheless, in this work we present a new
kind of denial of service attack based on properly crafted SIM-less devices
that, without any kind of authentication and by exploiting some specific
features and performance bottlenecks of the UMTS network attachment process,
are potentially capable of introducing significant service degradation, up to
disrupting large sections of the cellular network coverage. The knowledge of
this attack can be exploited by several applications in both the security and
the network equipment manufacturing sectors.

EXISTING SYSTEM:

The complexity of the mobile network structure may hide both unknown and known
vulnerabilities that proper analysis tools and formal techniques can unveil.
Beyond protocol-specific vulnerabilities, the same network complexity may also
hide potential performance bottlenecks in signaling protocols or control
applications/components that can be exploited by several kinds of Denial of
Service (DoS) attacks in order to tear down critical service subsystems or
overwhelm them with a large number of requests, exhausting the resources needed
to ensure network operations. The effects, in terms of coverage, of DoS attacks
progressively increase when moving from the physical layer (i.e., using a radio
jammer) towards the upper layers (i.e., affecting application-level subsystems
serving large portions of the cellular network). Luckily, most of the known
attacks are not easy to implement, since to be really effective they require a
very large number of cooperating mobile devices (usually several thousands) or
access to internal MNO facilities. Nonetheless, the potential impact of these
attacks on mobile phone networks has not been sufficiently assessed and needs
further study.

DISADVANTAGES OF EXISTING SYSTEM:

· The effects of DoS attacks, in terms of coverage, progressively increase when
moving from the physical layer (i.e., using a radio jammer) towards the upper
layers.

PROPOSED SYSTEM:

This work, by focusing on the node attachment procedure in Universal Mobile
Telecommunications System (UMTS) infrastructures, shows that it is possible to
mount a full-fledged DoS attack potentially capable of shutting down large
sections of the network coverage without the need to hijack or control actual
users’ terminals, and that the number of devices necessary to make such an
attack effective is limited to a few hundred. This attack operates exclusively
at the user level by relying on unavoidable protocol-level signaling features,
so that no hacking of intra-operator facilities is needed. It is indirectly
targeted at the Home Location Register (HLR), the database containing
information on mobile subscribers as well as call blocking and forwarding
rules, which can be overwhelmed by service requests. Since this database is a
critical component that often proves to be a major bottleneck within the
overall infrastructure, an outage of its functionality may also cause an
interruption of other mobile services, finally resulting in a mobile network
DoS potentially leaving thousands of devices without their lifelines to the
network core. Furthermore, the presented attack does not require the use of
real mobile handsets equipped with valid Subscriber Identity Modules (SIMs) and
needs only a limited number (a few hundred) of UMTS radio interfaces, possibly
located on a single ad-hoc device, in order to inject the signaling traffic
necessary to reach a critical level of disruption on the target cellular
infrastructure.

ADVANTAGES OF PROPOSED SYSTEM:

· It gives rise to several applications, ranging from cyber-warfare devices
that can be used in both intelligence and military scenarios to temporarily
defeat UMTS communications within specific areas, to assessment/benchmarking
tools that can be extremely useful in dimensioning, through “torture test”
practices, new distributed HLR solutions.